Article Id : CTX696734

Last Modified Date : 07-14-2026 11:51

Created Date : 07-14-2026 13:00

Article Record Type : Security Bulletin

Severity : High

Description of Problem

Vulnerabilities have been discovered in the Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client. Refer to the information below for further details: 

Affected Versions:

The following supported versions of Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows are affected by CVE-2026-53565:

  • Citrix Secure Access Client for Windows versions BEFORE 26.6.1.20
  • Citrix Endpoint Analysis Client for Windows versions BEFORE 26.5.1.7

The following supported versions of Citrix Secure Access Client for Windows are affected by CVE-2026-53566:

  • Citrix Secure Access Client for Windows versions BEFORE 26.6.1.20

Details

Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows contain the vulnerabilities mentioned below

CVE-IDDescription Affected ProductsPre-conditionsCWECVSSv4
CVE-2026-53565Local Privilege escalation allows a low-privileged user to gain SYSTEM privilegesCitrix Secure Access Client for Windows 
AND 
Citrix Endpoint Analysis Client for Windows
Standard user access on local systemCWE-269: Improper Privilege Management  CVSS v4.0 Base Score: 8.5(CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
CVE-2026-53566Out-of-bounds memory readCitrix Secure Access Client for WindowsStandard user access on local system and DNE driver is not installedCWE-125: Out-of-bounds ReadCVSS v4.0 Base Score: 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N 

What Customers Should Do

Cloud Software Group strongly urges customers of Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client  to install the relevant updated versions as soon as possible: 

  • Citrix Secure Access Client for Windows 26.6.1.20 and later releases
  • Citrix Endpoint Analysis Client for Windows 26.5.1.7 and later releases

Steps to determine if an appliance meets the CVE preconditions

CVE-2026-53566:
Customers can determine if the DNE driver is not installed by referring to the following documentation: https://docs.netscaler.com/en-us/netscaler-gateway/current-release/vpn-user-config/select-gateway-plugin-for-users.html#completely-skip-the-dne-installation

Bleiben Sie immer aktuell informiert!

Wenn Sie sich in unsere Mailingliste eintragen, werden Sie zukünftig direkt informiert, sobald ein Alarm oder eine Information erstellt wird. Verpassen Sie keine sicherheitskritischen Meldungen mehr und abonnieren den Newsletter noch heute.

Invalid email address
Bitte wählen Sie Ihre Kategorie(n).
Citrix
Nutanix
Weitere
Wir versprechen, Sie nicht zuzuspammen. Sie können sich jederzeit wieder abmelden.